NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,577
    Thanks for your interesting post, @plat1098 Much appreciated.
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    The exclude/whitelist seems to be the most request feature...

    I already disabled that rule to run that program.
     
  3. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    When i reboot or start up my PC(windows xp pro)the icon is not in/on the taskbar
    have to go to 'start/programs/locate the program and hit the windows for it to show and start??
    any advise?
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,577
    This is strange, G. Let me just reboot my machine to see whether I have the same issue. Will be back in a couple of minutes .... Stay tuned ...
     
  5. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,577
    OK, I'm back after a reboot. All icons are loaded in the taskbar. Hm... I'm using Win 10, so maybe it's an XP issue.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,352
    Location:
    Hawaii
    I loove OSa!!! It's running superbly on XP. On XP, by the way, installing OSa didn't start the tray icon. I had to do:
    Start>Programs>NoVirusThanks>OsArmor>OSArmorDevUI

    OSa won't let my ScreenSaver run. Will there eventually be capability for users to make exclusions?

    If NVT decides it's to be free, I hope there will also be a paid (annual fee) version. I want NVT to be around for a good while, & freebies won't get that done.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,002
    Location:
    .
    Date/Time: 12/21/2017 1:44:28 PM
    Process: [6028]C:\Users\bjms\AppData\Local\Temp\is-QAAKE.tmp\_isetup\_setup64.tmp
    Parent: [1968]C:\Users\bjms\AppData\Local\Temp\is-J9PIJ.tmp\DrvRadarPro_Setup.tmp
    Rule: BlockUnsignedProcessesAppDataLocal
    Rule Name: Block execution of unsigned processes on Local AppData
    Command Line: helper 105 0x344
    Signer:
    Parent Signer: NoVirusThanks Company Srl
    with all rules checked
     
    Last edited: Dec 21, 2017
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,370
    OS Armor is working as expected (it is blocking unsigned processes in temporary folders)

    While installing applications sometimes unsigned files are being launched in temporary folders. To be sure that OS Armor isn't blocking legitimate proecsses you have to uncheck the rule "Block execution of unsigned processes on Local AppData" prior installing of applications.
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,002
    Location:
    .
    Yes, working as expected. Thanks
     
    Last edited: Dec 23, 2017
  10. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    Yes still doing this??
     
  11. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,577
    Still doing what? Rebooting? No!:D

    This is worth reading, Mr. G:
     
  12. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    still not loading up in taskbar
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,352
    Location:
    Hawaii
    Bummers, HayC. Sorry to hear that. Did you check Task Manager -- is OSArmorDevUI.exe running?
    • If it is NOT running, you can goto C:\OSArmorDevSvc & find OSArmorDevUI.exe listed therein. Execute it & at least you have tray icon w/o a reboot.
    • If it IS listed as running, then (maybe) kill it, then goto C:\OSArmorDevSvc & find OSArmorDevUI.exe listed therein. Execute it. If the tray icon still isn't there then .......... I am baffled.
    • Another possibility. Try rt-click start>properties>select task bar tab>customize. Then: is OSa's yellow shield icon shown? If shown, is it set as Hide when inactive, OR always show, OR ...? If the yellow shield icon is NOT shown then ....... o_O??
     
    Last edited: Dec 21, 2017
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,370
    A new release is ready (OS Armor v1.3) :thumb: with a big changelog
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,125
    Location:
    Italy
    Released a new version v1.3:
    http://www.novirusthanks.org/products/osarmor/

    [22-Dec-2017] v1.3.0.0

    + Block processes with known fake extensions (i.e .pdf.exe)
    + Prevent WMIC from using "process call create" via cmdline
    + Block command-lines that match *\Start Menu\Programs\Startup\*
    + Block command-lines that match shellcode-like patterns
    + Block execution of any process related to UltraVNC (unchecked by default)
    + Block execution of any process related to RealVNC (unchecked by default)
    + Block execution of any process related to Nir Sofer (unchecked by default)
    + Block execution of any process related to LogMeIn (unchecked by default)
    + Block known Bitcoin miners command-lines
    + Prevent wbadmin.exe from deleting backup catalog
    + Block unsigned processes located on root folder (i.e C:\) (unchecked by default)
    + Block SOAP WSDL requests via command-line
    + Block execution of syskey.exe
    + Block execution of cipher.exe
    + Number of pre-defined rules increased to 60
    + Do not delete the settings when the program is uninstalled
    + Improved showing of main window from tray icon
    + Fixed many false positives
    + Improved internal rules

    All reported FPs should be fixed.

    On the next version we will add support for exclusions and disable\enable protection via tray icon.

    @bellgamin

    Thansk for trying OSA :)

    Can you try this new version to see if your screen saver is executed fine now?

    In case it is not, please send me the log files so I can see why it is blocked.

    @bjm_

    I see it is blocked the .tmp setup file of Driver Radar Pro because it is unsigned.
    I'll make sure it is digitally signed in the next version of DRP.

    @hayc59

    I could reproduce the issue of no icon in the tray on Windows XP, will try to see why it happens.

    @Djigi

    Strange that Firefox has not digitally signed its .tmp setup executable, but sometimes happens.

    @rdsu

    That FP with Veeam should be fixed in v1.3.

    Let me know if it is gone if you'll test it.

    @Sampei Nihira

    Opening the Configutator works fine here on XP SP3, but will take a look at it.

    @Overkill

    I've added blocking of *keymaker* but blocking *patch* would generate many FPs.

    Some legit apps use "patch" in the file name.

    @mood

    Great explaination indeed :)
     
    Last edited: Dec 21, 2017
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,577
    Thanks for the new version, Andreas. Good to know that Voodooshield and OSA are compatible with each other (thanks for the brilliant explanation, @mood).

    Edit: Looking forward to support for exclusions and to the option to disable/enable protection.:)
     
  17. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    Hence removed waiting for version that starts when PC loads thank you Andreas.
     
    Last edited: Dec 21, 2017
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,648
    Location:
    USA
    Thank your for such a quick release of a new version Andreas! I'm upgrading on Windows 10 x64 Pro now.
     
  19. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    Awesome Thanks! Love this app :thumb:
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,352
    Location:
    Hawaii
    The screen saver works fine now. Shazam! 10Q to the nth power. I deeply appreciate that you have included us XP die-hards in OSa-compatibles. XP FOREVER!!!
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,391
    Location:
    Under a bushel ...
    Sounds like it will be even more amazing once the signed driver version arrives.
     
  22. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    562
    Location:
    The Outer Limits
    V1.3 working very well here.

    Seems very compatible with other security softwares.

    Great program.... cheers:thumb:

    Regards Eck:)
     
  23. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    222
    Location:
    UK
    V1.3 working surprisingly well on this PC for a new prog.
    The only issue I have is with the LastPass extension in Opera that seems not to log in every time I start Opera because it creates a new and different numbered file (marked in bold) when it starts. Here is the log:

    Process: [2004]C:\Windows\System32\cmd.exe
    Parent: [6516]C:\Program Files\Opera\49.0.2725.64\opera.exe
    Rule: BlockExpPayload
    Rule Name: Basic anti-exploit protection (parent->child process)
    Command Line: C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\LastPass\nplastpass.exe" chrome-extension://hnjalnkldgigidggphhmacmimbdlafdo/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.6985ed9e95e77c1c > \\.\pipe\chrome.nativeMessaging.out.6985ed9e95e77c1c
    Signer:
    Parent Signer: Opera Software AS

    Regards
     
  24. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    It's fixed! Thanks
     
  25. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,377
    Location:
    Germany
    Hi all

    Here are the answers of it

    Hi Mops,

    1. No I do not need the blocked files, I just need the log file.

    2. We may add support for multilingual soon.

    3. On next versions we will make it install on C:\Program Files\ folder.

    If you have other questions just ask.

    Thank you,

    With best Regards
    Mops21
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.